Currently, Tails ships an x86 (32-bit) userland but will load an x86_64 (64-bit) kernel if the system you're using has 64-bit support.

Supporting the "32-bit userspace on 64-bit hardware" combination has historically caused lots of trouble, both for developers and for users (e.g. #11518, #9969, #5606). Also, software built for 64-bit processors is more interesting from a security standpoint (e.g. it's harder to bruteforce offsets/addresses, ASLR becomes stronger in that sense as is PIE support).

So, we have a few good reasons to consider switching our userspace to 64-bit. This implies dropping support for 32-bit hardware. Is it acceptable to do that in Tails 3.0, which we will release at some point between 2017Q2 and 2018Q1?

32-bit vs. 64-bit kernel stats among WhisperBack bug reports:

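| Quarter | 32-bit | % | 64-bit | % |
|---------|--------|---|--------|---|
| 2014Q2 | 31 | 15 | 171 | 85 |
| 2014Q3 | 53 | 18 | 244 | 82 |
| 2014Q4 | 34 | 13 | 226 | 86 |
| 2015Q1 | 30 | 10 | 243 | 89 |
| 2015Q2 | 27 | 15 | 155 | 85 |
| 2015Q3 | 36 | 14 | 213 | 86 |
| 2015Q4 | 17 | 7 | 210 | 92 |
| 2016Q1 | 32 | 8 | 349 | 91 |
| 2016Q2 | 14 | 6 | 201 | 93 |
| 2016Q3 | 18 | 7 | 215 | 92 |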

Note that a good share of the 32-bit systems are virtual machines: e.g. in 2016Q1, 11 of the 32 32-bit systems were VirtualBox and VMware. It seems safe to assume that the hardware able to run Tails in a VM is most likely 64-bit, and is running a 64-bit host OS (this seems plausible given our current hardware requirements, and e.g. the VirtualBox ones are probably due to https://www.virtualbox.org/ticket/11037 that forces us to tell users to set up a 32-bit VM). So we should just ignore the 32-bit VMs when looking at these stats.

Other than those, we have (32 - 11) / (32 + 349) = 5.5% of bare metal 32-bit systems. On #8183#note-29 we have analyzed these systems, and to sum up, among these 21 bare metal systems:

- 4 support only 64-bit CPU so will still work once we switch to full 64-bit (let's blame syslinux CPU auto-detection) => no regression
- 1 supports max. 512MB of RAM => is not supported currently
- 3 unknown
- 10 will be 10+ years old when we release Tails 3.x, and support max. 2GB of RAM => we can bet that this hardware won't last much longer
- the 3 remaining systems are from 2009 or 2012, and support max. 2GB of RAM

=> even including the 10+ years old systems in the equation, we're talking of dropping support for 16 (4.2%) of systems that currently report bugs about Tails.

Note that IMO it's not worth migrating the end-users' documentation at this stage: it can be done mostly mechanically, and doing it now would send us deep into merge conflict hell until this branch is merged.

I think that 18% of users on only X86 hardware is quite a lot and we can't just simply drop them. There's simply no excuse to do that.

Agreed. My point, in starting to gather these stats now, was not to make a decision immediately. It was rather to provide data points when we come back to it, say in 6-10 months, when Tails/Jessie is almost ready and (oh, surprise) has hardware requirements that are unlikely to be satisfied by more than a third of these 32-bit systems.

I wouldn't be surprised if the 32-bit/64-bit ratio dropped quite a bit until then anyway: hardware gets old, hardware dies. The remaining 32-bit boxes used in production around me won't live another full year.

Perhaps we should drop this for now, revisit this idea when we have reached our Tails 3.0 goals and see how much work it would be at that point in time?

The question in my opinion that gets raised now is, at which % of 32-bit users are we going to say, this is low enough that we should consider shipping an X86_64 iso. Will we wait another month to see if usage of 32-bit kernels is staying the same and then move to make a decision? Since then, it's been 8/9 months since Tails/jessie.

I think it's safe to assume that the hardware able to run Tails in a VM is most likely 64-bit, and is running a 64-bit host OS (this seems plausible given our current hardware requirements, and e.g. the 10 VirtualBox ones are probably due to https://www.virtualbox.org/ticket/11037 that forces us to tell users to set up a 32-bit VM). So IMO we should just ignore the 32-bit VMs from these stats.

The question in my opinion that gets raised now is, at which % of 32-bit users are we going to say, this is low enough that we should consider shipping an X86_64 iso. Will we wait another month to see if usage of 32-bit kernels is staying the same and then move to make a decision?

I think that at about 5% (given the above), we can already seriously start considering the switch to 64-bit: waiting for the long tails of 32-bit hardware to die can very well take years, and IMO we've already reached the acceptable limit to move on. And we already have 2 years of data, which sounds more than enough to have confidence in our estimates.

Still, IMO it would be nice to combine the switch to 64-bit with another, easier to understand, change in hardware requirements. I'm thinking e.g. of the move to Debian Stretch. I would not be ready to commit to it formally, but it would be nice to informally make the "if I get a 'new' box to be able to upgrade to Tails 2.0, then it'll work for all 2.x releases and I won't have to get another computer before 3.x" reasoning valid. Granted, that's quite a weak argument. I'm not sure. I could also live with switching now (as in: whenever any of us has time to make it happen, which would be ~2016Q4 I guess).

Note that shipping both 32-bit and 64-bit kernels makes e.g. #10298 much harder than it should be (#9969); that's one argument in favour of switching to 64-bit, instead of spending lots of time to support two kernels now, and then dropping all that work in 6-12 months.

My next question would be: do we actually support these systems in practice? I.e. were the bugs reported about issues that prevent one from using Tails, and if yes, were we able to fix them? We've seen issues with old graphics cards vs. GNOME Shell (#11096), that we were not able to solve.

sajolida, if it's not too painful for you, it would be great if you could have a look at the bug report threads regarding these (relevant) systems, to give us an idea of whether they actually work on Tails currently. If you want to save time, only look at the ones that are from 2007 or later (I suspect that the 10+ years old hardware among those won't last much longer).

FTR sajolida sent me some data, but he did it using a sharing service that expires stuff after a while, and sadly I didn't look at it early enough so I could not access it. Anyway, I think we have enough info to make a decision wrt. Tails 3.0 (I could do #10298 without blocking on this topic so it's less an emergency than what I thought a couple months ago), so I'll sum this up and will send a proposal on tails-dev@, and add the issue to the next monthly meeting's agenda.